How To Shop Online Safely (Without Getting Scammed)

Share this:

Irina Malteseva

Growth marketer fighting scammers

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Can You Get Scammed While Shopping Online?

    Online shopping is convenient and easy. But is it safe?

    According to the FBI, the second most common internet crime of 2021 was related to online shopping — non-delivery of goods purchased [*]. Just last year, online shoppers lost $337 million to fraudulent online stores. 

    Fraudsters create fake online stores and then use social media ads to lure you in to become a customer. But the products either don’t arrive, aren’t what you expected, or come with huge hidden fees. 

    But it doesn't stop with fake products and unreasonable fees. Shopping from fake online stores can also lead to identity theft.

    Criminals use the information you provided — like your name, address, and credit card details — to take over your identity, drain your bank account, and commit financial fraud

    But this doesn’t mean you need to give up shopping online entirely. Here are some essential steps to take to ensure you’re getting a great deal and not a scam while shopping online.

    What Are the Most Common Online Shopping Scams?

    Unfortunately, there are more online shopping scams than ever.

    According to the Better Business Bureau’s (BBB) 2021 Online Purchase Scams Report, 79% of victims lost money [*] — making online shopping the riskiest scam type of all.

    So, how are fraudsters trying to scam you while you shop online? 

    • Fake online stores: The most common online shopping scam is when fraudsters create a fake shopping website or app. These sites may look legitimate, but they’re designed to steal your sensitive information and credit card numbers.
    • Using Instagram and Facebook ads to fool you: According to one study, 40% of all online shopping scams come from Facebook and Instagram ads [*]. These flashy ads often use hacked accounts and stolen photos, but the products either don’t arrive or are cheap knockoffs of what was advertised. 
    • Selling discounted “luxury” goods: Many online shoppers are scammed by looking at deals that are too good to be true. Criminals create ads for steeply discounted luxury items like designer sunglasses or bags. But the items either don’t arrive or are counterfeit. Be especially careful when shopping for popular or difficult-to-find items.
    • Sending shipping notifications for products that never arrive: The COVID-19 pandemic has caused significant shipping delays for almost all online retailers. One common Covid Scam is when scammers use this to their advantage and send fake shipping “updates” to stop you from reporting their scam. 
    • Using fake reviews to make you think they’re a legitimate site: Most of us believe an online store if they have reviews. But scammers use what’s called a brushing scam to create fake reviews on sites like Amazon or eBay.

    These online shopping scams can appear in legitimate search results, pop up while you’re on social media, or get shared by friends. 

    So, how do you know if a store or product is the real deal or not? 

    14 Essential Tips for Shopping Online Safely

    1. Buy from online retailers you recognize 
    2. Choose stores that use secure websites
    3. Scrutinize the details of any online store you’re unfamiliar with
    4. Insist on using safe payment services (PayPal, credit card, etc.)
    5. Learn the warning signs of a scam email or social media ad
    6. Always check shipping costs and terms
    7. Never store your credit card details with an online store
    8. Create strong, secure passwords and use a password manager
    9. Monitor your credit and bank statements for signs of fraud
    10. Check to see if your account details were leaked in a data breach
    11. Secure your devices with antivirus software and use a VPN
    12. Watch your back when shopping in public
    13. Use official shopping apps whenever possible
    14. Sign up for identity theft protection for added security

    1. Buy from online retailers you recognize

    Major online retailers like Amazon, Walmart, Target, and Best Buy spend millions on ensuring a safe online shopping experience. If one of these stores is selling what you’re looking for, it’s a safer bet. 

    However, there are two things to consider even when shopping with a retailer you know:

    1. Don’t blindly trust search results. Scammers can create fake versions of sites you trust. Nearly 50% of people who lost money to an online shopping scam were targeted in Google search results [*]. Bookmark your favorite shopping sites to visit them directly. And always double check URLs for misspellings or errors (like “Walmrat” instead of “Walmart”). 
    2. Beware of “marketplace” sellers. Sites like Amazon and even Best Buy offer products sold by other retailers on their platform. These sellers don’t always follow the same policies as the site they’re listed on. Amazon blocks billions of fraudulent and scam products every year [*]. But some still get through. Pay special attention to any product that isn’t coming from the official online store.  

    2. Choose stores that use secure websites

    The number one indicator of an online shopping scam is an “unsecure” website. These sites are vulnerable to hackers or could be using compromised payment systems that can steal your credit card information

    How do you know if a site is secure? 

    Secure sites use what’s called SSL (secure sockets layer) encryption. This means that any information you enter — name, shipping address, credit card number — will be masked and can’t be intercepted by hackers. 

    Look for HTTPS (not HTTP) and a padlock symbol near the URL in the address bar. Click on the padlock symbol to check whether the connection is secure and the SSL certificate is valid. This is especially important if you click on an Instagram ad and it takes you to an online store. 

    Walmart.com as an example of a secure URL
    If you click on the padlock near the URL of an online store, you can check if it is "secure"

    📚 Related: The 10 Biggest Instagram Scams Happening Right Now

    3. Scrutinize the details of any online store you’re unfamiliar with

    A secure website doesn’t ensure that you won’t get scammed. Unfortunately, a recent analysis of online scam and phishing sites (which steal your personal information) found that 83% of them used HTTPS while 94% had valid SSL certificates [*]. 

    Instead, you need to look for the warning signs of a scam online store. Here are a few details you should scrutinize before purchasing:

    • Design: E-commerce sellers know that design and high-quality photography are essential. Look for shady designs or low-quality images that could’ve been stolen from other sites. 
    • Pricing: Beware of “too-good-to-be-true” and bargain prices — especially on items that are hard to find elsewhere. Scammers will often discount their prices just enough to be the best choice to avoid suspicion. 
    • URL: Scam websites will often use a web address that looks similar to stores you trust. They also might use “.net” or another domain rather than a “.com” one.
    • Language: Scam online stores often originate in China or other foreign countries. Look for brand names or descriptions that don’t make sense or aren’t in proper English. 
    • Spelling and grammatical errors: Poor spelling and strange syntax or formatting are also hallmarks of a scam store. Don’t just assume it was a mistake. 
    • Company info: What does the “About us” page say? Can you find information about the store? If not, be suspicious.
    • Reviews: Make sure the reviews match the product page and double check by looking for off-site reviews of the store. Many scammers will create fake reviews or steal ones from Amazon to make their sites look more legitimate.

    To be extra-careful, try a simple Google search of “[Store name] + scam/fraud/safe”. Or, search for the store or product name in the Better Business Bureau’s Scam Tracker.

    If someone has been scammed by this shopping site before, you’ll most likely find out with a quick search.

    Pro tip:
    Some antivirus software can warn you if you’re entering a potential scam or phishing site. Aura lets you know if a site shouldn’t be trusted before you enter your sensitive information. Learn more about Aura's phishing protection and antivirus software -->

    4. Insist on using safe payment services (PayPal, credit card, etc.)

    Make sure any site you buy from uses safe payment services such as credit cards or PayPal. 

    Most credit card companies have $0 fraud liability policies, which means you won’t be on the hook for fraudulent charges. Plus, unlike using your debit card, a hacker can’t access your bank account with a stolen credit card.

    One recent study found that users who used a credit card or PayPal lost less or even got their money back from scammers compared to those who used Cash App, Zelle, Venmo, Apple Pay, or a wire transfer [*]. (Less than 1% of Zelle users were able to get their money back!)

    Better Business Bureau stats on the median dollar loss by payment type
    Shoppers who used PayPal on scam websites lost significantly less money. Source: BBB

    There will always be times where you can’t rely on one of these services (such as when you’re buying from an individual and not an online store).

    📚 Related: Scammed on PayPal? Here's What To Do

    5. Learn the warning signs of a scam email or social media ad

    Online shopping scams often originate from unsolicited emails or social media ads. According to the Federal Trade Commission (FTC), social media was the most profitable method of outreach for scammers in 2021 [*].

    While it’s common to get emails or ads from stores you don’t remember shopping at, look for these warning signs before you click a link.

    The warning signs of a scam social media ad include:

    • Low-quality photos or stock imagery.
    • Too-good-to-be true offers or unbelievable discounts. 
    • Links to an online store that looks sketchy. 

    The warning signs of a scam email include:

    • A strange “From” email address that doesn’t match the name on the email.
    • Subject lines that are misspelled or claim too-good-to-be true offers. 
    • The entire email is embedded in an image or iframe.
    • The sender’s email is from a suspicious domain (for example, “@Amazon-support.net”)
    • It contains a strange link or attachment. 

    Scam emails don’t just send you to fake online stores. They can also infect your computer with malware or viruses that will steal your sensitive information or encrypt your data until you pay a “ransom.”

    Pro tip: If you’re receiving a lot of scam and spam emails, your online accounts could be at risk. Scammers buy lists of compromised email addresses stolen during data breaches

    6. Always check shipping costs and terms

    Some online stores will scam you with outrageous shipping costs or long lead times. Others will send you fake shipping “confirmation” emails. 

    Always check the store’s official shipping policy. If you receive a confirmation email, go to the shipping site’s official page (i.e., “USPS.com”) and enter the tracking number you were given. If nothing shows up, it could be a scam. 

    Also check on the site’s official returns policy. Even if you receive a fraudulent item, it can be difficult to reverse the credit card purchase, as your item shows as delivered. Any legitimate online retailer should offer a fair return policy. 

    7. Never store your credit card details with an online store

    It may seem convenient to store your credit card details for future purchases, but hackers often target these systems with cyber attacks to steal your financial information. This means a few extra steps each time you shop, but it’s worth it to keep your credit card safe. 

    It can also be a good idea to checkout using a “guest” log-in rather than create an account. The less information you give an online store, the less criminals can get if that site gets breached.

    If a site is asking for more information than seems necessary — like your phone number, job title, or even Social Security number (SSN) — that’s also a huge red flag.  

    Pro tip: Aura’s online identity theft protection monitors your accounts for suspicious activity or signs they’ve been breached. 

    Aura online identity theft protection software
    Source: Aura online identity theft protection

    8. Create strong, secure passwords and use a password manager

    If you need to create an account for an online store, make sure to use a secure and unique password. 

    A strong password is at least 8 characters long and includes a combination of uppercase and lowercase letters, symbols, and numbers. 

    Unfortunately, most people choose simple passwords or reuse old ones because they don’t want to have to remember multiple complex ones. That’s where a password manager becomes a powerful tool for shopping safely online. 

    Aura’s password manager securely stores all of your account information and gives you access to it when you visit a site. (You don’t have to worry about forgetting them, either.) 

    If you have the option, enable two-factor or multi-factor authentication (2FA or MFA) on your shopping accounts, as well. These are an added layer of security that requires an extra step (like a one-time-use code) along with your password. But skip 2FA over SMS, as it can be compromised. Instead, use an authenticator app like Google or Authy.

    9. Monitor your credit and bank statements for signs of fraud

    If a scammer gets access to your financial information, they can ruin your credit, take out loans in your name, or run up your credit card debt. 

    Make sure to regularly check your bank and credit card statements for any suspicious transactions. Scammers often make tiny charges to “verify” that your card numbers work (called carding).

    You can get a free annual credit report at AnnualCreditReport.com. Check this for any accounts you don’t open or hard inquiries you don’t recognize.  

    10. Check to see if your account details were leaked in a data breach

    Even the most legitimate online shopping sites can get hacked. There’s always the possibility that your account details are already available to anyone on the Dark Web. If they are, you’ll want to change your passwords and set up credit monitoring ASAP. Use Aura's Dark Web Scanner to get started.

    11. Be extra-careful when shopping over Wi-Fi

    Public Wi-Fi networks are notoriously easy to hack. Cybercriminals can use what’s called a man-in-the-middle attack to intercept the data you send to a shopping site, including credit card or payment details.  

    When shopping online, make sure you’re using a secure internet connection. If you need to make purchases while traveling or out of the house, use a virtual private network (VPN). 

    A VPN creates an encrypted environment between your laptop and the server. This means that anyone waiting around to intercept your personal information won’t be able to see it. If you’re shopping online on a public network in a coffee shop or an airport, a VPN is a must. 

    Pro tip:
    Aura’s VPN uses military-grade encryption to keep your data and sensitive information safe from hackers. We’ll also protect your devices from malware and potential phishing attacks. Learn more about Aura's military-grade VPN -->

    12. Watch your back when shopping in public

    “Shoulder surfing” is a common scam where fraudsters watch you enter your login details, credit card information, or other sensitive data in public. Even if your network is secure with a VPN, be aware of your physical surroundings. 

    If you think someone can see your screen, wait to shop until you’re in a more private area.

    13. Use official shopping apps whenever possible

    Large retailers like Amazon and Walmart often have their own mobile apps. If you’re shopping on a mobile device, these apps can be a much safer alternative to visiting their website. 

    But be sure to keep apps updated. Hackers take advantage of bugs or vulnerabilities to breach these apps and steal your information. Turn on auto-updates or install updates as soon as they’re available.

    14. Sign up for identity theft protection for added security

    Even if you follow all of these safe online shopping tips, there’s always the chance that you’ll get hacked or scammed. And in the case of data breaches, it might not even be your fault. 

    To keep your online accounts and financial information safe from criminals, consider signing up for an all-in-one digital security service like Aura.

    With Aura, you get:

    • Credit monitoring with fraud alerts: Near-real time alerts of fraud and suspicious activity on your credit cards and financial accounts.
    • Identity theft and online account protection: Account monitoring of your online passwords, SSN, and other sensitive information that identity thieves try to steal. 
    • Device and network security: Protection from hackers, malware, and phishing sites with advanced antivirus software and a military-grade VPN.
    • 24/7 White Glove Fraud Resolution team: If your identity is stolen or you’re the victim of fraud, our team will walk you through the next steps. 
    • A $1,000,000 insurance policy: You’re covered for eligible losses due to identity theft. 
    Every Aura plan comes with a $1,000,000 insurance policy for eligible losses due to identity theft
    Source: Aura’s $1,000,000 Identity Theft Protection

    Were You Scammed by an Online Store? Here’s What To Do

    Even if you’re careful, online shopping scammers are getting better at tricking you. If you’ve given your financial and personal information to a fake store, here’s what to do next:

    • Check your insurance policy. If you’re signed up for identity theft protection, you should have access to a fraud resolution team that can handle many of the next steps for you. Some companies also offer identity theft protection as part of their benefits package. 
    • Notify your bank and credit card company. Contact your bank and any lenders to let them know that your identity has been stolen and to stop fraudulent transactions. They’ll close your accounts and help you open new ones. 
    • File an official identity theft report with the FTC. Go to IdentityTheft.gov and file an official report with the FTC. This is an essential step if you need to dispute fraudulent charges.
    • File a police report. You can also file a police report for identity theft with your local law enforcement agency. This is an optional step. But you should do it if you have any information about the scammer that could help lead to their arrest.
    • Set up a fraud alert on your credit report. Contact one of the three credit reporting bureaus — Experian, Equifax, or TransUnion — and alert them of the fraud. They’ll set up a fraud alert to protect your credit score from the scammers. 
    • Change your online passwords. If one of your accounts has been compromised, you can assume others are too. Update all of your passwords (especially for sites where you’ve used your credit card).
    • Dispute fraudulent charges and new accounts. Contact any company where fraud has occurred and let them know what happened. They’ll request your FTC report and then cancel any outstanding fraudulent debts.
    • Let others know about the scam. Online shopping scams only work if no one speaks up. Send a report to the BBB’s Scam Tracker and post negative reviews and comments on shopping sites where you were scammed. 

    The Bottom Line: Shop Safely Online All Year Round

    Online shopping scams are rampant during the holiday season. But that’s not the only time to be careful. Any time you provide your banking information online is an opportunity for a scammer to strike. 

    Follow these tips to shop safely online. And for added protection, consider signing up for Aura. We’ll monitor your accounts and financial information for signs of fraud so you can shop, browse, and work online, safely. 

    Ready for ironclad identity theft protection? Try Aura 14-days free.

    Related Articles

    what to do if your identity was stolen
    Identity Theft

    Here's What To Do If Your Identity Is Stolen

    Was your identity stolen? Here’s a step-by-step guide to FAST recovery. Don't let identity theft ruin your life. Aura is here to help.

    Read More
    September 26, 2022
    how to prevent credit card fraud
    Credit & Finance

    10 Ways To Prevent Credit Card Fraud (And Avoid Scams)

    Credit card fraud has gotten out of control. Scammers aren't stopping — that's why it’s crucial to protect your finances and prevent fraud with these steps.

    Read More
    April 27, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers